finlab
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is designed for quantitative financial analysis and explicitly includes diagnostic tools (e.g.,
verify_strategy()) to help users prevent logical errors such as lookahead bias. - [COMMAND_EXECUTION]: The skill utilizes the
uvpackage manager for environment setup and dependency management. These are standard, non-malicious shell operations for Python development environments. - [EXTERNAL_DOWNLOADS]: Installs the author's own library (
finlab) along with standard industry SDKs (shioaji,esun-trade) and popular data science libraries (optuna,lightgbm,scikit-learn) from the official Python Package Index (PyPI). - [CREDENTIALS_UNSAFE]: Adheres to security best practices by instructing users to manage broker credentials through environment variables instead of hardcoded secrets.
- [DATA_EXFILTRATION]: No unauthorized data transmission was found. Network activity is limited to user-initiated sessions for market data fetching, authentication via standard OAuth flows, and broker order execution.
Audit Metadata